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Intellectual Property Rights 



IPRs essential or potentially essential to the present document may have been declared to ETSI. The information 
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found 
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in 
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web 
server ( http://webapp.etsi.org/IPR/home.asp ). 

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee 
can be given as to the existence of other IPRs not referenced in SR 000 314 (or the updates on the ETSI Web server) 
which are, or may be, or may become, essential to the present document. 



Foreword 



This Technical Specification (TS) has been produced by ETSI Project Telecommunications and Internet Protocol 
Harmonization Over Networks (TIPHON). 

The present document is part 2 of a multi-part deliverable covering Security Test Specifications, as identified below: 

Part 1: "Framework"; 

Part 2: "H.323 Environment". 
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1 Scope 

The present document is one part of the security testing standards for which a framework is available in TR 101 888-1. 

The scope of the present document is to define the security test specifications for TIPHON Release 4 for the H.323 
environment. 

The security methods considered in the present document are related only to IP based networks. The signalling path and 
the media path in the SCN is considered to be secure ("Trust by wire"). 



References 



The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. 

[1] ITU-T Recommendation H. 225.0: "Call signalling protocols and media stream packetization for 

packet-based multimedia communication systems". 

[2] ITU-T Recommendation H.235: "Security and encryption for H. Series (H.323 and other 

H.245-based) multimedia terminals". 

[3] ITU-T Recommendation H.245: "Control protocol for multimedia communication". 

[4] ITU-T Recommendation H.323: "Packet-based multimedia communications systems". 



3 Definitions and abbreviations 

3.1 Definitions 

For the purpose of the present document, the terms and definitions given in the lUT-T Recommendations H. 225.0 [1], 
H.235 [2], H.245 [3] and H.323 [4] apply. 

3.2 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 



A 


Audio 


D 


Data 


IP 


Internet Protocol 


SCN 


Switched Circuit Networks 
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Security Test Strategy 



Security testing should be performed after a vendor has completed product and system testing with the ETSI testing 
standards. 

The basic idea for security testing is to show the generation and insertion of the security bits into the specific parameters 
of the H.323 messages. Because this mechanism is exactly the same on the senders and the receiver's side, no 
distinction is necessary. 

To test entities for their implementation of security two entities (that are already interworking) need to be connected. In 
the case of an incorrect security information it is necessary to go into the detail of the generation of the security bits. In 
order to be able to determine the reason for this failure the security tests strategy is just to look at the different steps of 
the generation and insertion of the security bits into the protocol elements. This is the only way to determine the failure. 

The Security testing shall be performed for the following configurations: 

• Signalling path: 

Gatekeeper and Terminal; 
Gatekeeper and Gateway; 
Gatekeeper and Gatekeeper. 

• Media path: 

Terminal and Terminal; 
Terminal and Gateway; 
Gateway and Gateway. 

• Global Service Providers: 

- BES and TRC; 

- BES and CH; 

- BES and CA. 

The security testing shall be performed in three different parts where the first part deals with the security testing for the 
signalling path (Terminal, Gatekeeper, Gateway) using ITU-T Recommendation H.235 [2] annex D. The second part 
deals with the security aspects for the signalling path equivalent to the first but using ITU-T Recommendation H.235 [2] 
annex F and the media path using H.235. The third part handles the security testing from the BES to the global service 
providers. 
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5 H.235 annex D 

5.1 Overview 

Figure 1 shows the basic steps to be taken at the originating entity. 

H. 225.0 Q.931 message 

I CryptoH323Token I 




nested Ct7ptoToken 
iCryptoHashedToken || token 



Default 
pattern 




V,^^ r T irw i ^^ 



cryptoHashedToken 



ASN1. Encode message 




Figure 1 : Stepwise approach for sender 
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Figure 2 shows the basic steps to be taken at the receiving side starting with the entire message, decoding, breaking it 
into pieces and extracting the necessary parts and the final computation/verification step. 

NOTE 1: The figures just visualize the essential steps as an example and correlate with the print out in clause 5.3; 
in any case, the procedures and description of H. 235 [2] annex D take precedence. 

NOTE 2: The figures and print out reflect H.235vl, i.e. sendersID is not used. 

NOTE 3: The figures and print out reflect a scenario endpoint to gatekeeper; other scenarios and examples are not 
shown. 
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H.225.0 Q.931 message 



CryptoH323Token 



I 



ASN1. Decode message 



I 



H.225.0 Q.931 message 



Cryp1oH323Token 



9 10 



nestedCryptoToken 
iCryptoHashedToken I token 



general Timestamp 

ID 




random 


sendersID 




DH 



5 gy®r'Brgrt ^\m 



cryptoHashedToken 



(.:t 




(5K 








1 HASHED 1 





H.225.0 Q.931 message 



Cryp1oH323Token 



password 



i 



Compute SHA1 hash 




Compute hash HMAC SHA1 



i 



Compare/Verify hash values 



Figure 2: Stepwise approach for receiver 

The example shown uses the RRQ that has been sent by a terminal and received at the gatekeeper. 

• The received RRQ message in binary and with all fields shown. 

• The received binary message part and the separate steps for the verification. 
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5.2 Received message 

A received RRQ message with embedded Cryptotoken: 



RECEIVE RRQ FROM EP AT GK 



14:34:12 
14:34:12 
14:34:12 
14:34:12 
STRING ( 
14:34:12 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
STRING ( 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 
14:34:21 



TPKTCHAN 
TPKTCHAN 
TPKTCHAN 
TPKTCHAN 

4. .4) 
TPKTCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 

4. .4) 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 



Address : 
0> <14> TransportAddress = (0) . <1084> CHOICE . . . 
1> . <289> ipAddress = (0) . <1081> SEQUENCE 
2> . . <290> ip = (4) '...j' =0x8bl7ca6a <139 . 23 . 202 . 106> 

2> . . <292> port = (1720) . <115> INTEGER (0.. 65535) 
New message (channel 0) recv < — registrationRequest : 
Address : 

0> <669> TransportAddress = 

1> . <670> ipAddress = (0) 

2> . . <671> ip = (4) ' . . . j 



<1066> OCTET 



(0) . <1084> CHOICE . . . 
<1081> SEQUENCE 
=0x8bl7ca6a <139 . 23 . 202 . 106> 



2> . . 

Binary : 

00000 

00016 

00032 

00048 

00064 

00080 

00096 

00112 

00128 

00144 

00160 

00176 

00192 

00208 

00224 

00240 

00256 

00272 

00288 

00304 

00320 

00336 

00352 



<673> port 



(1151) 



<115> INTEGER (0.. 65535) 



Of 80 
88 53 
00 21 
12 fa 
00 fb 
00 6c 
12 01 
00 60 
5a 00 
ff 20 
ca 6a 
00 Ob 
69 6f 
00 46 
34 00 

61 70 
69 73 
00 01 

62 db 
6e 00 
65 00 
06 00 
00 01 



3a 27 06 
02 06 01 

72 00 5b 

68 00 12 
38 00 12 
cO 00 50 
ec 00 00 
76 3d 18 
50 00 c2 
31 20 33 
04 80 01 
Of 54 65 
6e 08 52 
c3 56 53 
30 00 33 
70 6c 69 

69 6f 6e 
01 45 00 
01 29 22 

73 00 20 
65 00 70 
60 07 89 
00 01 00 



00 08 
80 84 
6f 20 
c5 19 
fa 68 
fb 38 
02 36 
20 ec 

01 ee 
32 31 
00 8b 
73 74 
41 44 
54 39 
60 Ob 
63 61 
12 2b 
07 00 
00 53 
00 47 

00 65 
a6 ee 

01 00 



91 4a 

01 40 

00 52 

00 50 

00 12 

00 12 

00 00 

f3 2e 

00 00 

32 20 

17 ca 

20 61 

56 69 

34 48 

Ob 00 

74 69 
80 56 
08 81 
00 69 
00 61 
00 72 

75 bb 



00 02 
00 08 
00 07 
6f 20 
00 00 
fa 94 
00 Oe 
00 00 

00 00 
le 00 
6a 04 
70 70 
73 69 
54 04 
Ob Of 
6f 6e 

01 74 
6b 00 
00 65 
00 74 
07 00 
59 cl 



00 08 
00 00 
00 00 
00 52 
00 00 
00 12 
00 00 
00 00 
00 00 
00 01 
7f 22 
6c 69 
6f 6e 

00 35 
54 65 
08 52 

07 00 

01 05 
00 6d 
00 65 

08 81 
a6 ca 



2b Oc 02 
00 00 00 
fb 38 00 
00 07 00 
00 00 00 
fa 9c 00 
02 36 00 
9d b5 72 
ff ff ff 
00 8b 17 
cO Ob Ob 
63 61 74 
00 02 08 
00 33 00 
73 74 20 
41 44 56 
08 81 6b 
cO 3a 22 
00 65 00 
00 6b 00 
6b 00 01 
a4 72 01 



<1066> OCTET 



.€:'... 'J. . 


. + . . 


"S. . .€,,.0. . 

. !r. [o .R. . 
.lih. .A. .Po 
.u8 . .lih. . . . 
.lA.Pu8. .li" 
. .i. . .6 


.u8. 

R. . . 

.lice. 
. .6. 


. V= . lO . . . 


■ -yr 


Z.P.A.l. . . . 
y 1 3212 . . 


■ yyy 
. . < . 


Ej.€. .< .Ej. -"A. . 
. . . Test applicat 
ion . RADVision . . . 
.FAVST94HT. .5.3. 
4.0.3" Test 


application 


RADV 


ision.+€V.t 
. . .E -k. 


. . -k 
.A:" 


bU . ) " . S . i . e 


m. e . 


n. s . .G.a.t 


e.k. 


e . e .p. e . r . . 
. . ~ .°s;| iu»YA 


;k. . 

Ear. 



14:34: 

14:34: 

14:34: 

14:34: 

14:34: 

<878> 

14:34; 

14:34: 

14:34: 

}. <] 

14:34: 

.R. . . . 

=0x01' 

14:34: 

14:34; 

14:34; 

14:34; 

14:34; 

OCTET 

14:34; 

14:34; 

14:34; 

14:34; 

14:34; 

OCTET 

14:34; 

14:34; 

14:34; 

14:34; 

14:34; 

14:34; 

14:34; 

14:34; 

=0x54( 

14:34; 

OCTET 

14:34; 

14:34; 

14:34; 



21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
OBJECT IDENT 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21> OBJECT 
21 UDPCHAN 
.8. . .h. . . . 



Mess 
0> 
1> 
2> 
2> 

IFIER 
2> 
3> 
4> 

DENTIFI 
: 3> 

. . . .1. 



age : 
<584 
. <5 



> RasMessage = (6502) . <771> CHOICE ... 

86> registrationRequest = (4294967185) . <702> SEQUENCE ... 

<587> requestSeqNum = (14888) . <883> INTEGER (1.. 65535) 

<588> protocolldentif ier = (6) { itu-t recommendation h 2250 2}. 

<590> nonStandardData = (4294967185) . <972> SEQUENCE 

. <591> nonStandardldentifier = (10964) . <969> CHOICE ... 

. . <592> object = (8) { iso identif ied-organization 12 2 1107 2 6 1 



ER 



:000080000000 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
STRING (4. .4 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
STRING (4. .4 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 

;573742061707 
21 UDPCHAN 
STRING (1. 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 



0000021 
2> 
2> 
3> 
4> 
5> 



5> 
2> 
3> 
4> 
5> 



5> 
2> 
3> 
4> 
5> 
5> 
5> 
4> 

06c6963 
: 4> 

56 

3> 
3> 
3> 



P. 8. 
7200 



.R. . . . 
.rZ.P. 



.h. 



. <594> data = (132) '.@ !r. 

6 6 . . ~ v= 

5b6f2000. <125> OCTET STRING 

<601> discoveryComplete = (0) . <83> BOOLEAN 

<602> callSignalAddress = (1) . <381> SEQUENCE OF 

. <603> * = (6669) . <1084> CHOICE ... 

. . <604> ipAddress = (4294967185) . <1081> SEQUENCE 

. . . <605> ip = (4) '...j' =0x8bl7ca6a <139 . 23 . 202 . 106> 



Po 



. . . <607> port = (1152) . <115> INTEGER (0.. 65535) 

<608> rasAddress = (1) . <381> SEQUENCE OF 

. <609> * = (6669) . <1084> CHOICE ... 

. . <610> ipAddress = (4294967185) . <1081> SEQUENCE 

. . . <611> ip = (4) '...j' =0x8bl7ca6a <139 . 23 . 202 . 106> 



1 321' 



<1066> 



<1066> 



256) 



<613> port = (1151) . <115> INTEGER (0.. 65535) 

. . <614> terminalType = (4294967185) . <1050> SEQUENCE ... 
. . . <615> vendor = (4294967185) . <980> SEQUENCE . . . 
. . . . <616> vendor = (4294967185) . <975> SEQUENCE . . . 

<617> t35CountryCode = (11) . <116> INTEGER (0..255) 

<618> t35Extension = (11) . <116> INTEGER (0..255) 

<619> manufacturerCode = (11) . <115> INTEGER (0.. 65535) 

. . . . <620> productid = (16) 'Test application' 

6174696f6e. <979> OCTET STRING (1..256) 

. . . . <622> versionid = (9) 'RADVision' =0x5241445669736961 6e . <979> 

. . . <624> terminal = (4294967185) . <986> SEQUENCE ... 

. . . <625> mc = (0) . <83> BOOLEAN 

. . . <626> undefinedNode = (0) . <83> BOOLEAN 
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14 


34:21 UDPCHAN 


2> 


14 


34:21 UDPCHAN 


3> 


14 


34:21 UDPCHAN 


4> 


=0x313339303233323 032313 


14 


34:21 UDPCHAN 


3> 


14 


34:21 UDPCHAN 


4> 


BMPString (1..256) 




14 


34:21 UDPCHAN 


2> 


14 


34:21 UDPCHAN 


3> 


14 


34:21 UDPCHAN 


4> 


14 


34:21 UDPCHAN 


4> 


14 


34:21 UDPCHAN 


4> 


14 


34:21 UDPCHAN 


3> 


=0x5465737420617070 


5c696 


14 


34:21 UDPCHAN 


3> 


STRING (1..256) 




14 


34:21 UDPCHAN 


2> 


14 


34:21 UDPCHAN 


3> 


14 


34:21 UDPCHAN 


4> 


14 


34:21 UDPCHAN 


5> 


14 


34:21 UDPCHAN 


6> 


<121> OBJECT IDENTII 


"lER 


14 


34:21 UDPCHAN 


6> 


14 


34:21 UDPCHAN 


7> 


<121> OBJECT IDENTII 


"lER 


14 


34:21 UDPCHAN 


7> 


14 


34:21 UDPCHAN 


7> 


14 


34:21 UDPCHAN 


7> 


=0x005300690065006d 


50650 


14 


34:21 UDPCHAN 


6> 


14 


34:21 UDPCHAN 


7> 


1. 


<121> OBJECT IDI 


:ntif 


14 


34:21 UDPCHAN 


7> 


14 


34:21 UDPCHAN 


8> 


14 


34:21 UDPCHAN 


7> 


=0x07 8 9a6ee7 5bb5 9clc 


i6caa 


14 


34:21 UDPCHAN 


2> 


14 


34:21 UDPCHAN 


2> 


14 


34:21 UDPCHAN 


2> 


14 


34:21 UDPCHAN 


2> 



<627> terminalAlias = (2) . <380> SEQUENCE OF 
. <628> * = (3942) . <962> CHOICE . . . 
. . <629> el64 = (17) '13902320210601152' 
30363031313532. <961> IA5String (1..128) FROM '#*, 0123456789 ' 
. <631> * = (4187) . <962> CHOICE . . . 
. . <632> h323-ID = (10) '.5.3.4.0.3' =0x00350033003400300033. 



<960> 



<634> endpolntVendor = (4294967185) . <980> SEQUENCE ... 
<635> vendor = (4294967185) . <975> SEQUENCE ... 
. <636> t35CountryCode = (11) . <116> INTEGER (0..255) 
. <637> t35Extension = (11) . <116> INTEGER (0..255) 
. <638> manufacturerCode = (11) . <115> INTEGER (0.. 65535) 
<639> productid = (16) 'Test application' 
5361746961 6e. <979> OCTET STRING (1..256) 

. <641> versionid = (9) 'RADVision' =0x5241445669736961 6e . <979> OCTET 

<643> cryptoTokens = (1) . <283> SEQUENCE OF 

. <644> * = (4466) . <832> CHOICE . . . 

. . <645> nestedcryptoToken = (9106) . <192> CHOICE ... 

. . . <646> cryptoHashedToken = (4294967185) . <177> SEQUENCE 

.... <647> tokenOID = (7) { itu-t recommendation h 235 Oil}. 



<649> hashedVals 
. <650> tokenOID 



(4294967185) . <239> SEQUENCE ... 

(7) { itu-t recommendation h 235 15 



<652> timeStamp = (975332060) . <281> INTEGER (1. 
<653> random = (41) . <280> INTEGER 



-1) 



.G. 



<231> 
itu-t 



SEQUENCE 
recommendation 



<654> generallD = (36) '.S 

]06e0073002000. <278> BMPString (1..128) 
.... <657> token = (4294967185) . 

<658> algorithmOID = (7) 

^lER 

<660> paramS 

<661> null 

<662> hash = 

a47200. <139> BIT STRING 

<664> keepAlive = (0) . <83> BOOLEAN 

<665> willSupplyUUIEs = (0) . <83> BOOLEAN 

<666> maintainConnection = (0) . <83> BOOLEAN 

<667> supportsAnnexECallSignalling = (0) . <83> BOOLEAN 



t.e.k.e.e.p.e.r' 



h 235 1 



= (4294967185) 
= (4294967173) 
(96) ' . . . .u.Y. 



<226> SEQUENCE 
<95> NULL 



5.3 Separate Steps 

Verification steps for the obtained CryptoToken; 



^***********-* 



RECEIVE RRQ FROM EP AT GK 



00:0 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 
0000 



:31 I 



31 
31 
31 
31 
31 
31 
32 
32 
32 
32 
32 
32 
33 
33 
33 
33 



UDP IN registrationRequest for nodeld 492 


(packet length 211: 


0000 


Oe 


80 


3a 


27 


06 


00 


08 


91 


4a 


00 


02 


00 


01 


00 


8b 


17 


0010 


ca 


6a 


04 


80 


01 


00 


8b 


17 


ca 


6a 


04 


7f 


22 


cO 


Ob 


Ob 


0020 


00 


Ob 


Of 


54 


65 


73 


74 


20 


61 


70 


70 


6c 


69 


63 


61 


74 


0030 


69 


6f 


6e 


08 


52 


41 


44 


56 


69 


73 


69 


6f 


6e 


00 


02 


08 


0040 


00 


46 


c3 


56 


53 


54 


39 


34 


48 


54 


04 


00 


35 


00 


33 


00 


0050 


34 


00 


30 


00 


33 


60 


Ob 


Ob 


00 


Ob 


Of 


54 


65 


73 


74 


20 


0060 


61 


70 


70 


6c 


69 


63 


61 


74 


69 


6f 


6e 


08 


52 


41 


44 


56 


0070 


69 


73 


69 


6f 


6e 


12 


2b 


80 


56 


01 


74 


07 


00 


08 
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1) Determine IP-Address: 

0000:08:33 | New message recv <- registrationRequest on RAS from 492 
0000:08:33 t Read IP Address for EP 139.23.202.106:1151 

2) Read alias: 



0000 
0000 
0000 
0000 
0000 



08 


66 I 


08 


66 1 


08 
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08 
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08 


67 1 



EP Alias 53403-> Get User Info (from external database) : 

-> User=Fries, UID=53403, PWLen=20, LC=Wed Aug 25 13:52:19 1999 

-> Hashed Passphrase (fries shal-hashed) 



0000: 91 27 Ic 95 
0010: 8a 86 b6 d4 



fO a3 aO 6f Od 79 75 bl 19 5f al 2£ 



. o . yu . 



3) Read CryptoTokenOID: 



0000:08:67 t Recv/RecvFrom: Found Crypto Token: token len = 15 Bytes, tokenOID = 
0000:08:67 1 0000: 30 20 30 20 38 20 32 33 35 20 30 20 31 20 31 '0 8 235 Oil' 
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4) Read ClearTokenOID: 

0000:08:67 | Recv/RecvFrom: Found Crypto Token: token len = 15 Bytes, tokenOID (2) = 
0000:08:67 | 0000: 30 20 30 20 38 20 32 33 35 20 30 20 31 20 35 '0 8 235 15' 

5) Read generallD: 
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Found Crypto Token: token len = 36 


Bytes 


generallD 


= 
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6) Read algorithmOID: 

0000:08:68 t Recv/RecvFrom: Found Crypto Token: token len = 15 Bytes, algorithmOID = 
0000:08:68 1 0000: 30 20 30 20 38 20 32 33 35 20 30 20 31 20 36 '0 8 235 16' 

7) Read Sequence Number: 

0000:08:68 I Recv/RecvFrom: Found Crypto Token: sequence_number = 41 

8) Read timestamp: 

0000:08:68 | Recv/RecvFrom: Found Crypto Token: timestamp = 975332060 

9) Read token value: 

0000:08:68 | Recv/RecvFrom: Found Crypto Token: token len = 96 Bits, token value = 
0000:08:68 | 0000: 07 89 a6 ee 75 bb 59 cl a6 ca a4 72 ' . . . . u . Y . . . . r ' 

10) Perform verification checks: 

68 I Recv/RecvFrom: (h235__checkToken) clear token OID check passed 

68 I Recv/RecvFrom: (h235_checkToken) crypto token OID check passed 

68 I Recv/RecvFrom: (h235_checkToken) crypto algorithm OID check passed 

68 1 Recv/RecvFrom: (h235_checkToken) time value in range 

68 I Recv/RecvFrom: (h235_checkToken) generallD check passed 

1 l)Locate and read hash value: 

0000:08:69 | Recv/RecvFrom: (h235_checkToken) found ICV in raw message on position 195 
0000:08:69 I 0000: 07 89 a6 ee 75 bb 59 cl a6 ca a4 72 ' . . . .u. Y. . . . r ' 

12)Re-compute hash value: 

0000:08:69 | Crypto-Module : Start Message Hash Session 
0000:08:69 1 Crypto-Module: End Message Hash Session 

13) Verify hash value: 
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08 
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69 I ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 

69 I + + 

69 1 + SUCCESSFUL INTEGRITY CHECK + 

69 1 + Recv/RecvFrom: registrationRequest on RAS : 

69 I + VALID TOKEN received from User Fries (ID: 53403) 

69 I + + 

69 \ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 



5.4 Test configurations 

5.4.1 Gatekeeper and Terminal 

For further study. 

5.4.2 Gatekeeper and Gateway 

For further study. 

5.4.3 Gatekeeper and Gatekeeper 

The Gatekeeper Gatekeeper communications according to H.235 [2] annex D is very similar to the terminal Gatekeeper 
communication. The generallD and the sendersID are the only fields that have different values. 
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6 H.235 annex F 



For further study. 



7 Global Service Providers 



For further study. 
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